Information security policies
ISO/IEC TR 27550

Search this site

Security awareness content

ISO/IEC TR 27550:2019 — Information technology — Security techniques — Privacy engineering for system life cycle processes Published Sept 2019


‘Privacy engineering’ involves taking account of privacy during the entire cradle-to-grave lifecycle of ICT systems, such that privacy is and remains an integral part of their function.


Scope of the standard

This is an IT security standard about engineering ICT systems to satisfy privacy requirements relating to the protection of personal data.


Content of the standard

The standard:

  • Discusses how privacy engineering supports system and security engineering, information risk management, knowledge management etc.
  • Elaborates on conceptual principles such as privacy-by-design and privacy-by-default, important design goals noted in GDPR and elsewhere;
  • Elaborates on the processes for identifying, evaluating and treating privacy risks in the course of ICT systems design;
  • Explains how ICT systems can be engineered to support and satisfy the OECD privacy principles.


Published in September 2019.


Personal notes

The procedures for operating, using, monitoring, managing and maintaining IT systems and their privacy controls are just as important as the technical controls themselves, and also benefit from being systematically developed (specified, designed, documented, mandated, operated, monitored, maintained ...): I am glad this standard is not totally focused on the technology.


< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2019 IsecT Ltd.